← Back to Skills Marketplace

公众号爆款文章查询

Name: 公众号爆款文章查询
Author: yuanyi-github

by to the moon · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install gzh-explosive-content-detector

Description

获取公众号热门文章数据，包含多个领域10w+文章，拆解流量密码。技能包含：根据用户输入的关键词，输出标题、作品链接、作者、发布时间、阅读数、推荐理由。

README (SKILL.md)

公众号爆款雷达

触发本技能并需要执行完整流程时，必须先读取与本技能同目录下的 references/gzh_explosive_content_workflow.md，并完整遵循其中的核心执行规则、操作步骤（功能一各步骤及步骤7自检）与输出要求。数据格式说明见 references/gzh_trend_data_format.md。脚本路径相对于技能目录：scripts/fetch_gzh_trends.py。

Usage Guidance

This skill mostly does what it claims (it calls an included Python script to fetch and format WeChat public-article trend data), but there are red flags you should consider before installing or using it: - The script calls a third-party API at onetotenvip.com. If you run the skill, your query keywords (and possibly other context) will be sent to that host. Only use it if you trust that service. - The script disables TLS certificate verification and deliberately avoids sending SNI (server name) when establishing HTTPS connections. This makes network connections opaque and can be used to evade interception detection — a risky implementation choice. Avoid sending sensitive or private keywords/data via this skill. - The SKILL.md lists the 'requests' library dependency, but the script does not use requests; this inconsistency may be benign but is worth asking the author about. Recommendations: - If you must use it, run it in an isolated/sandbox environment or on a machine/network where you can monitor outbound traffic (so you can see what is sent to onetotenvip.com). - Ask the skill author for the API provider's documentation and why TLS verification/SNI were disabled; prefer a version that uses verified TLS (requests or urllib with certificate validation) and a documented, trusted backend. - Do not use the skill for queries containing sensitive, confidential, or personally identifiable information until you can verify the remote service's trustworthiness. - If you have the capability, examine (or ask the author to publish) the remainder of the script to confirm there is no additional behavior (file reads, credential harvesting, unknown callbacks).

Capability Analysis

Type: OpenClaw Skill Name: gzh-explosive-content-detector Version: 1.0.0 The skill bundle contains a Python script `scripts/fetch_gzh_trends.py` that performs network requests to an external API (`onetotenvip.com`) using raw sockets and explicitly disables SSL certificate verification (`ssl.CERT_NONE`). While these techniques are common in scraping tools to bypass network filters or SNI-based blocking, they introduce significant security vulnerabilities such as Man-in-the-Middle (MITM) risks. The instructions in `SKILL.md` and `references/gzh_explosive_content_workflow.md` are highly directive and control the agent's workflow strictly, but they appear functionally aligned with the stated purpose of WeChat content analysis.

Capability Assessment

ℹ Purpose & Capability

Name/description (获取公众号热门文章) match the included script which queries a remote API and formats results. However there are two mismatches: the SKILL.md declares a dependency on the 'requests' library although the provided script implements its own raw-socket HTTPS client (it does not use requests), and the script calls an opaque third-party endpoint (https://onetotenvip.com/...) instead of a clearly documented official data source. Requiring network access to a single unknown domain is plausible for this purpose, but the combination with the custom transport is unexpected.

✓ Instruction Scope

Runtime instructions are explicit: read the included references, follow the workflow, and call scripts/fetch_gzh_trends.py with the given parameters. The SKILL.md does not instruct the agent to read arbitrary system files or extra environment variables beyond the included reference files, and the scripted flow enforces user-confirmation rules for generic keywords. The instruction scope is narrow and aligned with the stated purpose.

ℹ Install Mechanism

There is no install spec (instruction-only plus an included Python script), which minimizes installation risk. However the declared python dependency 'requests>=2.28.0' does not appear to be used by the provided script (the script implements HTTP via sockets). This mismatch is unexpected and could be benign sloppiness or an attempt to conceal behavior in a dependency; it merits review.

⚠ Credentials

The skill requests no environment variables or credentials, which is good. However the script sends user-supplied keywords and start dates directly to an external domain (onetotenvip.com) over a custom TLS connection that explicitly disables certificate verification and sets server_hostname=None (no SNI). That combination increases risk: queries (potentially containing sensitive keywords or context) will be transmitted to a third-party host, and TLS verification is disabled so man-in-the-middle interception cannot be detected. No justification for these choices is documented in SKILL.md or references.

✓ Persistence & Privilege

The skill does not request persistent privileges (always:false) and does not modify other skills' configuration. It runs a local Python script on demand. Autonomous invocation is enabled (platform default) but not combined with other high-risk indicators.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install gzh-explosive-content-detector
After installation, invoke the skill by name or use /gzh-explosive-content-detector
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

gzh-explosive-content-detector 1.0.0 initial release: - Added ability to fetch and analyze popular WeChat public account articles across multiple fields. - Supports keyword-based search to return title, article link, author, publication date, view count, and recommendation reason. - Enforces a strict workflow and output format by referencing external documentation for rules and data structure. - Requires Python requests library (>=2.28.0).

Metadata

Slug gzh-explosive-content-detector

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is 公众号爆款文章查询?

获取公众号热门文章数据，包含多个领域10w+文章，拆解流量密码。技能包含：根据用户输入的关键词，输出标题、作品链接、作者、发布时间、阅读数、推荐理由。 It is an AI Agent Skill for Claude Code / OpenClaw, with 80 downloads so far.

How do I install 公众号爆款文章查询?

Run "/install gzh-explosive-content-detector" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 公众号爆款文章查询 free?

Yes, 公众号爆款文章查询 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does 公众号爆款文章查询 support?

公众号爆款文章查询 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 公众号爆款文章查询?

It is built and maintained by to the moon (@yuanyi-github); the current version is v1.0.0.

More Skills